[There's a reason that Yoda is the unofficial mascot of SBS.  Size indeed matters not.] Shavlik posts that it's updated its XML file - THE OFFICIAL BLOG OF THE SBS DIVA
Mon, May 31 2004 22:32 bradley

Shavlik posts that it's updated its XML file

Shavlik Technologies has released updated XML files for Shavlik HFNetChkPro.
XML data version = 1.1.2.105 
Last modified on 5/31/2004

This update includes the following changes:
- Added detection for Exchange Server 2003 SP1

(we are still testing the deployment instructions for this SP, thus the package is not available for download and deployment at this time.  We will release an updated XML file when this SP is available for download and deployment via Shavlik HFNetChkPro.)

- Added detection and deployment for ISA Server 2000 SP2

I'm not surprised that the Exchange file is not ready to deploy.  I've seen some people having a bit of issues with the install and it needs the GZIP patch prior to installation.  Plus post installation we need to adjust some settings.

# re: Shavlik posts that it's updated its XML file

Thursday, June 03, 2004 12:17 AM by bradley

Just ran BSA on SBS2k3 with SQL and ISA.

Scan date: 03/06/2004 2:11 AM
Scanned with MBSA version: 1.2.3316.1
Security update database version: 2004.6.2.0
Office update database version: 11.0.0.6517
Security assessment: Severe Risk (One or more critical checks failed.)

And obtained the above even after a successful installation of

Successful May 28, 2004 Critical Update for SQL Server 2000 Desktop Engine (Windows) on Windows Server 2003 (KB829358)

Do I really want to install what they recommend?

MS03-031 Cumulative Patch for Microsoft SQL Server (815495) File version is less than expected. [C:\Program Files\Microsoft SQL Server\MSSQL\binn\console.exe, 2000.80.194.0 < 2000.80.818.0]

PLEASE LET ME KNOW.

Thanks to all the contributors. These pages have been very helpful.

# re: Shavlik posts that it's updated its XML file

Friday, June 04, 2004 1:55 AM by bradley

The answer is NO.

All of my testing has been on a newly built system using
the March 2004 release of SBS2k3 and the MSDN Download of Premium
CD on May 25, 2004

SQL installation successful
SBSmonitoring Instance Failed. Monitoring was not setup yet
Sharepoint Instance failed.

The system became unstable after this install. Certificates could not be created.
System was rebuilt from backup.

# re: Shavlik posts that it's updated its XML file

Friday, June 04, 2004 10:40 AM by bradley

I think something else went on there. There is a timing issue with sharepoint

840685 - An event ID 1000 error message is logged to the application event log when you restart Windows Small Business Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;840685

But patching that instance should not cause your server to fall over like that.

# re: Shavlik posts that it's updated its XML file

Saturday, June 05, 2004 10:40 PM by bradley

The 840685 Regedit works well. The first install from your Blogs.

The Certificate instability noted is caused by using PPPoE and ISA. When the work-around is finalized it shall be reported.

The recommended BSA patch is older than the patch that had been installed.
SQL2000-KB815495-8.00.0818-ENU.exe Date Published: 8/11/2003 Version: 8.0

SQL2000-KB829358-8.00.0884-ENU.exe Date Published: 1/20/2004 Version: 2000

Therefore the installation fails but only on the SQL Sharepoint Instance
The installation passes on the SQL, SQL SBSMonitoring Instance

SQL SP3A was reinstalled successfully but KB829358 still failed.
No confidence in a successful removal of SQL Sharepoint with Add-Remove because of the number of left over entries in registry and elsewhere.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 4:26 PM by bradley

Shavlik also falsely report when scanning a completely up-to-date Windows XP system that I have one missing patch - TOOL03-039, deemed to be critical. This tool is far from critical, and Microsoft even say that it won't be needed unless Nachi and/or Blaster was detected on the system.

I have spoken to Shavlik about this "false positive" and they still insist that it is a needed tool. The alternative suggestion was to ignore this report.

Neither of these are correct.

If the tool isn't critical nor required, Shavlik's HFNetChk Pro should **NOT** report it as critical and missing. This is poor coding. Nothing else.

I am waiting for this to be addressed, and if not, they will be added to the ThreatCode.com site for falsely reporting missing tools. (And yes, it is a tool, not a patch.)

- HiltonT

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 4:36 PM by bradley

I disagree Hilton, you do a WU on that system and it will say that it's missing too. Shavlik is just doing what WU would do.

I pushed those down to my machines.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 5:02 PM by bradley

I *always* do a WU, and it has never suggested that tool. Never. Not once.

Actually, Microsoft does not recommend that this tool is installed regardless of its need. If you have a look at http://support.microsoft.com/?kbid=833330 in the "Download and setup information" section you will see where Microsoft clearly states "Note If you use Automatic Updates, this update will be automatically installed if it is needed. You do not have to take any additional action".

I have not found anywhere on the Microsoft website nor in any of their documentation that I have here - including their Security Bulletins - where Microsoft recommends that this tool (it is not a patch, it is a worm removal tool) be installed regardless of whether the computer has previously been infected. If you can find some recommendation by Microsoft, I'd be glad to see it. Shavlik was unable to provide any proof of this.

Shavlik therefore falsely report that this tool is critical and missing. It is neither.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 5:04 PM by bradley

I've seen it on WU.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 5:06 PM by bradley

Yes, but, as per the Microsoft KB article I referenced, this will only appear if the machine had previously been infected by Nachi and/or Blaster. If that is not the case, then Microsoft clearly states that the tool is unnecessary and far from critical.

Shavlik need to learn to read the KB articles more closely, and report the facts, not their version of them.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 5:09 PM by bradley

No I've gotten that on machines that never had either.

I'd rather have the tools there than not there. Sorry but they can stick that KB on my machines. Protection in any form is wise these days.

# re: Shavlik posts that it's updated its XML file

Sunday, July 11, 2004 5:16 PM by bradley

Hi Susan,

That tool provides no protection. None whatsoever. All it does is remove crud left over after Blaster/Nachi has been disabled.

Also, Microsoft clearly state in that KB that this tool will *only* be offered if one of these two worms has been detected (and removed). No other time will the tool be offered in WU. I'd say, then, that these machines must have been infected and you didn't know it. Microsoft says that is the case, and in this particular instance, I believe them. :)

Again, if a tool is unnecessary, then I'd rather not install it. Simple security reasoning here.